Announcements

Help Wizard

Step 1

NEXT STEP

Errors in authorization code flow documentation for refreshing token?

Errors in authorization code flow documentation for refreshing token?

Avatar of larsks
Newbie
2022-05-27 03:39 AM

According to the authorization code flow documentation, in order to use a refresh token to receive a new access token we need to POST a request to https://accounts.spotify.com/api/token with the following fields in the x-www-form-urlencoded body:

 

  • grant_type
  • refresh_token

And send an HTTP basic authorization header with the base64 "client_id:client_secret" value. That all translate into something like:

 

curl https://accounts.spotify.com/api/token \
  -d 'grant_type=refresh_token' \
  -d 'refresh_token=...' \
  -H "Authorization: Basic $(echo -n "$client_id:$client_secret"|base64 -w0)"

 

..but this doesn't appear to work. Following the suggestion of some random person on github, I am able to successfully request a new access token if I get rid of the authorization header and include in the request body:

 

  • grant_type
  • refresh_token
  • client_id
  • client_secret

That is:

curl https://accounts.spotify.com/api/token \
  -d 'grant_type=refresh_token' \
  -d 'refresh_token=...' \
  -d "client_id=$client_id" \
  -d "client_secret=$client_secret"

 

Is the documentation incorrect? Am I just lucky that the second form of the request works, even though it's not documented?  Thanks!

0 Likes
Reply
0 Replies

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 2 years ago in Social & Random
Read more